[tor-bugs] #17358 [Tor]: Decide what options to disable with Single Onion Services

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 16 05:30:28 UTC 2015 

#17358: Decide what options to disable with Single Onion Services
-----------------------------+--------------------------------
     Reporter:  teor         |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  Medium       |  Milestone:  Tor: 0.2.8.x-final
    Component:  Tor          |    Version:
     Severity:  Normal       |   Keywords:
Actual Points:               |  Parent ID:  #17178
       Points:               |    Sponsor:
-----------------------------+--------------------------------
 Tor2Web mode disables certain options because one-hop paths break them.
 Single Onion Services (all flavours) should do this as well.

 We might also want to recommend setting DisablePredictedCircuits as well,
 as descriptor uploads are the only task that uses predicated circuits.
 (One-hop circuits aren't cannibalized or re-used for intro and rendezvous
 point connections.)

 options_validate() currently disables LearnCircuitBuildTimeout and
 UseEntryGuards:
 {{{
   if (options->Tor2webMode && options->LearnCircuitBuildTimeout) {
     /* LearnCircuitBuildTimeout and Tor2webMode are incompatible in
      * two ways:
      *
      * - LearnCircuitBuildTimeout results in a low CBT, which
      *   Tor2webMode's use of one-hop rendezvous circuits lowers
      *   much further, producing *far* too many timeouts.
      *
      * - The adaptive CBT code does not update its timeout estimate
      *   using build times for single-hop circuits.
      *
      * If we fix both of these issues someday, we should test
      * Tor2webMode with LearnCircuitBuildTimeout on again. */
     log_notice(LD_CONFIG,"Tor2webMode is enabled; turning "
                "LearnCircuitBuildTimeout off.");
     options->LearnCircuitBuildTimeout = 0;
   }

   if (options->Tor2webMode && options->UseEntryGuards) {
     /* tor2web mode clients do not (and should not) use entry guards
      * in any meaningful way.  Further, tor2web mode causes the hidden
      * service client code to do things which break the path bias
      * detector, and it's far easier to turn off entry guards (and
      * thus the path bias detector with it) than to figure out how to
      * make a piece of code which cannot possibly help tor2web mode
      * users compatible with tor2web mode.
      */
     log_notice(LD_CONFIG,
                "Tor2WebMode is enabled; disabling UseEntryGuards.");
     options->UseEntryGuards = 0;
   }
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17358>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list